CLAIMS

1. A method for regulating access to an object comprising the steps of: 

for a plurality of users, allowing each user to designate the relationship characteristics 
between that user and any other user; 

identifying one of the plurality of users as an owner of the object; 

determining if one of the plurality of users has access to the object by determining if 
the relationship characteristics on at least one path between the one of the plurality of users 
and the owner of the object is a trusted relationship between each of the users on that path, 
wherein said path includes at least one other user beside said owner of the object and the one 
of the plurality of users. 

2. A method for regulating access to an object as in claim 1 wherein the 
relationship characteristics include one or more conditions such that the relationship 
characteristics are valid if and only if the one or more conditions are met. 

3. A method for regulating access to an object as in claim 1 wherein the 
relationship characteristics include one or more methods of determining a condition such that
the relationship is valid if and only if the one or more methods of determining a condition 
confirm validity of the relationships characteristic. 

4. A method for regulating access to an object as in claim 1 wherein the owner of 
an object may designate another user as acting on behalf of the owner. 

5. A method for regulating access to an object as in claim 1 wherein the 
relationship characteristics include a trust relationship between the trusted user and the 
designating user. 

6. A method for regulating access to an object as in claim 1 wherein the 
relationship characteristics include a trust relationship between the trusted user and the 
designating user, wherein the trust relationship limits the tasks the trusted user may perform. 

7. A method for regulating access to an object as in claim 1 wherein the 
relationship characteristics include a trust relationship between the trusted user and the 
designating user, wherein the trust relationship limits the objects the trusted user may access. 

8. A method for regulating access to an object as in claim 7 wherein the trust
relationship is limited to types of objects. 

9. A method for regulating access to an object as in claim 7 wherein the trust 
relationship is limited to selected of objects. 

10. A method for regulating access to an object as in claim 1 wherein the 
relationship characteristics include a distrusted relationship between the distrusted user and 
the designating user. 

11. A method for regulating access to an object as in claim 10 wherein the
distrusted relationship has an intermediary scope. 

12. A method for regulating access to an object as in claim 10 wherein the 
distrusted relationship has a terminal scope.

13. A method for regulating access to an object as in claim 1 wherein the
relationship characteristics include a trust relationship between the trusted user and the 
designating user and wherein the trust relationship specifies a maximum number of 
relationships on a path. 

14. A method for regulating access to an object as in claim 13 wherein the 
maximum number of relationships is one. 

15. A method of regulating access to an object, the method comprising the steps of:

identifying an object or a set of objects to which access is to be regulated; 

identifying an owner that has control of the object(s); 

identifying a relationship path which would otherwise be a valid path;

allowing each relationship element to specify the maximum number of subsequent 
elements in the path; and 

classifying that relationship path as invalid if for any element in that path the number 
of subsequent elements in the path exceeds the limit specified by that element. 

16. A method for regulating access to an object as in claim 15 wherein the 
relationship path includes a plurality of relationship characteristics and at least one 
relationship characteristic includes one or more conditions such that the relationship
characteristics are valid if and only if the one or more conditions are met. 

17. A method for regulating access to an object as in claim 15 wherein the 
relationship path includes a plurality of relationship characteristics and at least one 
relationship characteristic includes one or more methods of determining a condition such that 
the relationship is valid if and only if the one or more methods of determining a condition 
confirm validity of the relationships characteristic. 

18. A method for regulating access to an object as in claim 15 wherein the owner 
of an object may designate another user as acting on behalf of the owner. 

19. A method for regulating access to an object as in claim 15 wherein the
relationship path includes a plurality of relationship characteristics and at least one 
relationship characteristic includes a trust relationship between the trusted user and the 
designating user, wherein the trust relationship limits the tasks the trusted user may perform. 

20. A method for regulating access to an object as in claim 15 wherein the 
relationship path includes a plurality of relationship characteristics and at least one 
relationship characteristic includes a trust relationship between the trusted user and the 
designating user, wherein the trust relationship limits the objects the trusted user may access. 

21. A method for regulating access to an object as in claim 20 wherein the trust
relationship is limited to types of objects. 

22. A method for regulating access to an object as in claim 20 wherein the trust 
relationship is limited to selected of objects. 

23. A method of resolving a conflict regarding a specified access to an object, the 
method comprising the steps of: 

identifying a set of entities that have control of the object(s); 

defining an event of access conflict as the condition wherein one or more entity 
relationship(s) would grant the specified access to the object(s) and one or more entity 
relationship(s) would deny the specified access to the object(s);

defining one or more classes of relationships between the object(s) and controlling 
entities;

defining a hierarchy for the classes of object-entity relationships that is used to 
establish precedence in the event of an access conflict; 

defining an equivalent class resolution rule for event(s) of access conflict wherein the 
controlling entity relationships for one or more relationship class to the object would grant
the specified access and the controlling entity relationships for one or more relationship class 
with the same level in the class relationship hierarchy would deny the specified access to the 
object(s); 

defining a within class resolution rule for event(s) of access conflict wherein the 
conflict arises among multiple entities which have the same class of relationship to the
object(s); and 

allowing or disallowing the specified access to the object(s) based on the entity 
relationship(s) based on the highest level class relationship to the object, the within class 
resolution rule, and the equivalent class resolution rule. 

24. A method of regulating access to an object or set of objects, the method
comprising the steps of:

identifying an entity; 

defining one or more classes of control; and 

specifying for the entity a set of zero or more conditions and/or a set of zero or more 
methods of determining a condition such that the entity is designated as a controlling entity of
a specified class if and only if the said set of conditions is (are) met and/or the method(s) of 
determining a condition confirm(s) compliance. 

25. A method of regulating access to an object, the method comprising the steps of:

identifying an object or a set of objects to which access is to be regulated;

identifying an entity that has control of the object(s);

identifying a relationship path which would otherwise be a valid path;

defining a distrust relationship as the designation of a distrustee as distrusted by a
distrustor;

specifying for each distrust relationship a set of zero or more conditions and/or a set
of zero or more methods of determining a condition such that the relationship is valid if and
only if the said set of conditions is (are) met and/or the method(s) of determining a condition
confirm(s) validity; and

classifying that relationship path as invalid if for any element in that path the grantee 
of that element is the distrustee of the distrust relationship. 
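
Added example (not part of the patent text): a Python sketch of the path classification recited in claims 15 and 25, with a search for at least one valid path in the sense of claim 1. The class and function names, the owner-to-requester ordering of the path, and the choice to apply every distrust relationship whose conditions hold are assumptions; claim 1's requirement of an intermediate user is not enforced here.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Sequence

@dataclass(frozen=True)
class Trust:                      # one relationship element (hypothetical name)
    grantor: str                  # designating user
    grantee: str                  # trusted user
    max_subsequent: Optional[int] = None          # claim 15 limit; None = unlimited
    condition: Callable[[], bool] = lambda: True  # claims 2 and 16

@dataclass(frozen=True)
class Distrust:                   # claim 25 distrust relationship (hypothetical name)
    distrustor: str
    distrustee: str
    condition: Callable[[], bool] = lambda: True

def path_valid(path: Sequence[Trust], distrusts: Sequence[Distrust] = ()) -> bool:
    """Classify an ordered owner-to-requester path per claims 15 and 25."""
    # Assumption: every distrust relationship whose conditions hold applies.
    blocked = {d.distrustee for d in distrusts if d.condition()}
    for i, element in enumerate(path):
        if not element.condition():
            return False          # relationship is not currently valid
        subsequent = len(path) - i - 1
        if element.max_subsequent is not None and subsequent > element.max_subsequent:
            return False          # claim 15: too many elements follow this one
        if element.grantee in blocked:
            return False          # claim 25: grantee is a distrustee
    return True

def has_access(owner, user, trusts, distrusts=()) -> bool:
    """True if at least one valid trust path leads from owner to user."""
    def walk(node, path, seen):
        if node == user:
            return bool(path) and path_valid(path, distrusts)
        return any(walk(t.grantee, path + [t], seen | {t.grantee})
                   for t in trusts if t.grantor == node and t.grantee not in seen)
    return walk(owner, [], {owner})

# Constructed sample graph: alice owns the object.
SAMPLE = [Trust("alice", "bob", max_subsequent=1),
          Trust("bob", "carol"), Trust("carol", "dave")]

if __name__ == "__main__":
    print(has_access("alice", "carol", SAMPLE))   # one element follows alice->bob
    print(has_access("alice", "dave", SAMPLE))    # two follow, limit is one
```

Because the length limit is evaluated per element, a requester rejected on one path can still be admitted through another path whose elements set no limit, so each limit constrains only the paths that pass through the relationship carrying it.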



